Search
6,811 CVEs
CVEs (6,811, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 451–475 of 6,811 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-9133 | HIGH | Patched | 7.7 | 2026-05-20 | Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/valida… |
| CVE-2026-9129 | NONE | — | 2026-05-20 | A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deploym… | |
| CVE-2026-9126 | HIGH | Patched | 8.8 | 2026-05-20 | Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium se… |
| CVE-2026-9124 | MEDIUM | Patched | 5.3 | 2026-05-20 | Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak c… |
| CVE-2026-9123 | HIGH | Patched | 7.5 | 2026-05-20 | Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code inside a sandbox … |
| CVE-2026-9122 | MEDIUM | Patched | 6.5 | 2026-05-20 | Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to obtain potentially sensitive information from process memory via a cr… |
| CVE-2026-9121 | HIGH | Patched | 8.8 | 2026-05-20 | Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium se… |
| CVE-2026-9120 | HIGH | Patched | 8.8 | 2026-05-20 | Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-9119 | HIGH | Patched | 8.8 | 2026-05-20 | Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Ch… |
| CVE-2026-9118 | HIGH | Patched | 8.8 | 2026-05-20 | Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security sev… |
| CVE-2026-9117 | HIGH | Patched | 7.5 | 2026-05-20 | Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform … |
| CVE-2026-9116 | MEDIUM | Patched | 4.3 | 2026-05-20 | Insufficient policy enforcement in ServiceWorker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (C… |
| CVE-2026-9115 | MEDIUM | Patched | 4.3 | 2026-05-20 | Insufficient policy enforcement in Service Worker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to bypass same origin policy via a crafted HTML page… |
| CVE-2026-9114 | HIGH | Patched | 8.8 | 2026-05-20 | Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious network traffic. (Chro… |
| CVE-2026-9113 | MEDIUM | Patched | 4.3 | 2026-05-20 | Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromi… |
| CVE-2026-9112 | HIGH | Patched | 8.8 | 2026-05-20 | Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chr… |
| CVE-2026-9111 | HIGH | Patched | 8.8 | 2026-05-20 | Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security s… |
| CVE-2026-9110 | MEDIUM | Patched | 4.2 | 2026-05-20 | Inappropriate implementation in UI in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to perform UI spoo… |
| CVE-2026-9104 | MEDIUM | 6.4 | 2026-05-22 | The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input … | |
| CVE-2026-9102 | NONE | — | 2026-05-20 | A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authe… | |
| CVE-2026-9101 | MEDIUM | 4.3 | 2026-05-20 | Prototype pollution in csv parsing logic during import can lead to untrusted file paths (but not arguments) entering shell.openExternal after specific user behavior leading… | |
| CVE-2026-9100 | MEDIUM | 5.9 | 2026-05-20 | The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause a… | |
| CVE-2026-9098 | CRITICAL | 9.1 | 2026-05-28 | In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it co… | |
| CVE-2026-9097 | CRITICAL | 9.8 | 2026-05-28 | Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken() function in object/token_oauth.go validat… | |
| CVE-2026-9096 | HIGH | 7.5 | 2026-05-28 | Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefor… |